CVE-2021-26598

ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token). > MITRE Terms of Use apply – see LICENSE‑MITRE.txt